One Community Health Data Breach Exposes Patient PII & PHI

One Community Health, a nonprofit health center based in Sacramento, Calif., is notifying patients of a data breach involving its business partner, TriZetto Provider Solutions.

The data breach originated with TriZetto Provider Solutions, a health insurance clearinghouse that One Community Health uses to process insurance eligibility and claims. On Oct. 2, 2025, TriZetto discovered suspicious activity within a web portal used by some of its healthcare provider clients.

Following an investigation with external cybersecurity experts from Mandiant and law enforcement, it was determined that an unauthorized individual accessed certain historical eligibility transaction reports stored on TriZetto’s system between Nov. 2024 and Oct. 2, 2025, the span of nearly a year.

The exposed information varies by individual but may include names of patients and primary insureds, addresses, dates of birth, Social Security numbers, health insurance member numbers (and in some cases, Medicare beneficiary numbers), health insurer names, information about the primary insured or beneficiary, and other demographic, medical and health insurance information.

According to the U.S Department of Health and Human Services report on Jan. 2, 2026, the incident has potentially compromised sensitive personal and health information of 4,309 individuals. On Jan. 8, 2026, the incident was also reported to the California Attorney General.

One Community Health's response

Upon learning of the breach, TriZetto launched an investigation, engaged cybersecurity experts, and notified law enforcement. The company took steps to eliminate the threat and secure its systems, confirming with investigators that no further unauthorized activity has occurred since the incident was discovered.

One Community Health posted a detailed notice of the data security incident on its website on December 19, 2025.

To help those affected, TriZetto is offering complimentary credit monitoring, fraud consultation, and identity theft restoration services through Kroll.

If you receive notification from One Community Health or TriZetto Provider Solutions about this breach, you may want to:

• Sign up for the free identity theft protection services offered by the company.
• Monitor your credit reports and financial accounts for any unusual activity.
• Be alert for phishing emails or phone calls that may use your exposed information.
• Consider placing a fraud alert or credit freeze with major credit bureaus.

For questions about this incident, patients can contact Amaz-Linda Affi, RHIT, CHPS, Privacy Manager, at 916-269-8935 or aaffi@onecommunityhealth.com, or Rob P. Colon-Torres, Chief Compliance Officer, at 916-443-3299 or rtorres@onecommunityhealth.com.